Cryptocurrency exchange Gate.io was apparently the target of hackers who compromised a widely used web analytics platform this week.
According to a report from internet security firm ESET on Tuesday, bad actors compromised popular, Ireland-based web analytics site StatCounter, in an attempt to steal bitcoin from the exchange's customers.
The attackers managed to inject malicious code into the script of StatCounter webpage, having also registered a domain very similar to the official one. The fake domain swapped two letters from the original to form "StatConuter", which can be difficult to spot while scanning for unusual activity, says ESET, adding that the domain had previously been suspended in 2010 for association with abusive behaviour.
StatCounter is used by more than two million websites, according to its own figures, and it provides statistics on billions of web hits daily. The fake account managed to get picked up by a number of sites, although Gate.io seems to have been the only target.
The report states that the script targets a specific uniform resource identifier (URI): "myaccount/withdraw/BTC."
"It turns out that among the different cryptocurrency exchanges live at time of writing, only Gate.io has a valid page with this URI. Thus, this exchange seems to be the main target of this attack," it concludes.
The URI is notably used by Gate.io to transfer bitcoin from its own account to an external bitcoin address, according to the report.
The script automatically replaces the user's bitcoin address with one belonging to the attackers, the report indicates.
As the malicious server generates a new bitcoin address each time a visitor loads the StatConuter script, "it is hard to see how many bitcoins have been transferred to the attackers," the researchers say.
After being notified by ESET about the breach, Gate.io announced Wednesday that it "immediately removed" the StatCounter service from its site, and stressed that the users' funds are "safe."
CoinMarketCap data indicates that Gate.io is the 38th largest crypto exchange globally by adjusted trading volume.
Hacker image via Shutterstock
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.
Jiang Zhuoer: BTC.Top Will Support the Camp Favored by a Majority of Hash Power in the Bitcoin Cash Hash War
Jiang Zhuo’er and his BTC.TOP , a major Chinese mining pool, will not take side in the upcoming Bitcoin Cash’s hash war between two competing camps, Bitcoin ABC and Bitcoin SV. Zhuo’er shared h
F2Pool Will Support the Mining of BCHABC and BCHSV after Bitcoin Cash Hard Fork
F2Pool, the sixth largest bitcoin mining pool in the world, announced on Tuesday that it will allow miners to mine both coins generated from the upcoming Bitcoin Cash hard fork after the chain split
IBM Says Blockchain Can Power 'Open Scientific Research' in New Patent Filing
A patent application published Thursday claims the process of conducting scientific research can benefit from the blockchain.
Led by a team at IBM's Watson Research Center, the patent application p
CFTC Fines Bitcoin Trader $1.1 Million for Crypto Fraud
The U.S. Commodity Futures Trading Commission (CFTC) has jailed a bitcoin trader and fined him over $1 million for running a fraudulent bitcoin and litecoin scheme.
According to a press release iss
Japanese Firms Claim Success in Marine Insurance Blockchain Trial
One of Japan's largest insurance companies, Tokio Marine & Nichido Fire Insurance, and IT firm NTT DATA have completed a trial that put the paperwork for marine cargo insurance claims on a blockchain.
Accenture Puts Software License Management on a Blockchain Platform
Global professional services giant Accenture has rolled out a new software license management application built with tech from distributed ledger startup Digital Asset.
Accenture announced in a pre
Singapore's Central Bank, SGX Develop Blockchain Settlement System
The Monetary Authority of Singapore (MAS) and the country's stock exchange, Singapore Exchange (SGX), have developed a settlement system for tokenized assets that can work across different blockchains
Colorado Regulators Crack Down on Four More ICOs
Colorado regulators took action against four ICOs Thursday, bringing the state's total number of cease-and-desist orders against crypto startups to 12.
The state's "ICO Task Force" rebuked Bitcoin